inspec 2.1.21 → 2.1.30
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +101 -101
- data/CHANGELOG.md +3062 -3045
- data/Gemfile +56 -56
- data/LICENSE +14 -14
- data/MAINTAINERS.md +33 -33
- data/MAINTAINERS.toml +52 -52
- data/README.md +447 -447
- data/Rakefile +322 -322
- data/bin/inspec +12 -12
- data/docs/.gitignore +2 -2
- data/docs/README.md +40 -40
- data/docs/dsl_inspec.md +258 -258
- data/docs/dsl_resource.md +100 -100
- data/docs/glossary.md +99 -99
- data/docs/habitat.md +191 -191
- data/docs/inspec_and_friends.md +114 -114
- data/docs/matchers.md +169 -169
- data/docs/migration.md +293 -293
- data/docs/platforms.md +118 -118
- data/docs/plugin_kitchen_inspec.md +50 -50
- data/docs/profiles.md +376 -376
- data/docs/reporters.md +105 -105
- data/docs/resources/aide_conf.md.erb +75 -75
- data/docs/resources/apache.md.erb +67 -67
- data/docs/resources/apache_conf.md.erb +68 -68
- data/docs/resources/apt.md.erb +71 -71
- data/docs/resources/audit_policy.md.erb +47 -47
- data/docs/resources/auditd.md.erb +79 -79
- data/docs/resources/auditd_conf.md.erb +68 -68
- data/docs/resources/aws_cloudtrail_trail.md.erb +140 -140
- data/docs/resources/aws_cloudtrail_trails.md.erb +81 -81
- data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -86
- data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -151
- data/docs/resources/aws_config_delivery_channel.md +79 -79
- data/docs/resources/aws_config_recorder.md.erb +71 -71
- data/docs/resources/aws_ec2_instance.md.erb +106 -106
- data/docs/resources/aws_iam_access_key.md.erb +123 -123
- data/docs/resources/aws_iam_access_keys.md.erb +198 -198
- data/docs/resources/aws_iam_group.md.erb +46 -46
- data/docs/resources/aws_iam_groups.md.erb +43 -43
- data/docs/resources/aws_iam_password_policy.md.erb +76 -76
- data/docs/resources/aws_iam_policies.md.erb +82 -82
- data/docs/resources/aws_iam_policy.md.erb +144 -144
- data/docs/resources/aws_iam_role.md.erb +63 -63
- data/docs/resources/aws_iam_root_user.md.erb +70 -58
- data/docs/resources/aws_iam_user.md.erb +64 -64
- data/docs/resources/aws_iam_users.md.erb +89 -89
- data/docs/resources/aws_kms_key.md.erb +171 -171
- data/docs/resources/aws_kms_keys.md.erb +84 -84
- data/docs/resources/aws_rds_instance.md.erb +60 -60
- data/docs/resources/aws_route_table.md.erb +47 -47
- data/docs/resources/aws_route_tables.md.erb +49 -0
- data/docs/resources/aws_s3_bucket.md.erb +134 -134
- data/docs/resources/aws_s3_bucket_object.md.erb +83 -83
- data/docs/resources/aws_s3_buckets.md.erb +53 -0
- data/docs/resources/aws_security_group.md.erb +151 -151
- data/docs/resources/aws_security_groups.md.erb +91 -91
- data/docs/resources/aws_sns_subscription.md.erb +124 -124
- data/docs/resources/aws_sns_topic.md.erb +63 -63
- data/docs/resources/aws_sns_topics.md.erb +52 -52
- data/docs/resources/aws_subnet.md.erb +134 -134
- data/docs/resources/aws_subnets.md.erb +126 -126
- data/docs/resources/aws_vpc.md.erb +120 -120
- data/docs/resources/aws_vpcs.md.erb +48 -48
- data/docs/resources/azure_generic_resource.md.erb +171 -171
- data/docs/resources/azure_resource_group.md.erb +284 -284
- data/docs/resources/azure_virtual_machine.md.erb +347 -347
- data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
- data/docs/resources/bash.md.erb +75 -75
- data/docs/resources/bond.md.erb +90 -90
- data/docs/resources/bridge.md.erb +57 -57
- data/docs/resources/bsd_service.md.erb +67 -67
- data/docs/resources/chocolatey_package.md.erb +58 -0
- data/docs/resources/command.md.erb +138 -138
- data/docs/resources/cpan.md.erb +79 -79
- data/docs/resources/cran.md.erb +64 -64
- data/docs/resources/crontab.md.erb +89 -89
- data/docs/resources/csv.md.erb +54 -54
- data/docs/resources/dh_params.md.erb +205 -205
- data/docs/resources/directory.md.erb +30 -30
- data/docs/resources/docker.md.erb +219 -219
- data/docs/resources/docker_container.md.erb +103 -103
- data/docs/resources/docker_image.md.erb +94 -94
- data/docs/resources/docker_service.md.erb +114 -114
- data/docs/resources/elasticsearch.md.erb +242 -242
- data/docs/resources/etc_fstab.md.erb +125 -125
- data/docs/resources/etc_group.md.erb +75 -75
- data/docs/resources/etc_hosts.md.erb +78 -78
- data/docs/resources/etc_hosts_allow.md.erb +74 -74
- data/docs/resources/etc_hosts_deny.md.erb +74 -74
- data/docs/resources/file.md.erb +526 -526
- data/docs/resources/filesystem.md.erb +41 -41
- data/docs/resources/firewalld.md.erb +107 -107
- data/docs/resources/gem.md.erb +79 -79
- data/docs/resources/group.md.erb +61 -61
- data/docs/resources/grub_conf.md.erb +101 -101
- data/docs/resources/host.md.erb +86 -86
- data/docs/resources/http.md.erb +196 -196
- data/docs/resources/iis_app.md.erb +122 -122
- data/docs/resources/iis_site.md.erb +135 -135
- data/docs/resources/inetd_conf.md.erb +94 -94
- data/docs/resources/ini.md.erb +76 -76
- data/docs/resources/interface.md.erb +58 -58
- data/docs/resources/iptables.md.erb +64 -64
- data/docs/resources/json.md.erb +63 -63
- data/docs/resources/kernel_module.md.erb +120 -120
- data/docs/resources/kernel_parameter.md.erb +53 -53
- data/docs/resources/key_rsa.md.erb +85 -85
- data/docs/resources/launchd_service.md.erb +57 -57
- data/docs/resources/limits_conf.md.erb +75 -75
- data/docs/resources/login_defs.md.erb +71 -71
- data/docs/resources/mount.md.erb +69 -69
- data/docs/resources/mssql_session.md.erb +60 -60
- data/docs/resources/mysql_conf.md.erb +99 -99
- data/docs/resources/mysql_session.md.erb +74 -74
- data/docs/resources/nginx.md.erb +79 -79
- data/docs/resources/nginx_conf.md.erb +138 -138
- data/docs/resources/npm.md.erb +60 -60
- data/docs/resources/ntp_conf.md.erb +60 -60
- data/docs/resources/oneget.md.erb +53 -53
- data/docs/resources/oracledb_session.md.erb +52 -52
- data/docs/resources/os.md.erb +141 -141
- data/docs/resources/os_env.md.erb +78 -78
- data/docs/resources/package.md.erb +120 -120
- data/docs/resources/packages.md.erb +67 -67
- data/docs/resources/parse_config.md.erb +103 -103
- data/docs/resources/parse_config_file.md.erb +138 -138
- data/docs/resources/passwd.md.erb +141 -141
- data/docs/resources/pip.md.erb +67 -67
- data/docs/resources/port.md.erb +137 -137
- data/docs/resources/postgres_conf.md.erb +79 -79
- data/docs/resources/postgres_hba_conf.md.erb +93 -93
- data/docs/resources/postgres_ident_conf.md.erb +76 -76
- data/docs/resources/postgres_session.md.erb +69 -69
- data/docs/resources/powershell.md.erb +102 -102
- data/docs/resources/processes.md.erb +109 -109
- data/docs/resources/rabbitmq_config.md.erb +41 -41
- data/docs/resources/registry_key.md.erb +158 -158
- data/docs/resources/runit_service.md.erb +57 -57
- data/docs/resources/security_policy.md.erb +47 -47
- data/docs/resources/service.md.erb +121 -121
- data/docs/resources/shadow.md.erb +146 -146
- data/docs/resources/ssh_config.md.erb +73 -73
- data/docs/resources/sshd_config.md.erb +83 -83
- data/docs/resources/ssl.md.erb +119 -119
- data/docs/resources/sys_info.md.erb +42 -42
- data/docs/resources/systemd_service.md.erb +57 -57
- data/docs/resources/sysv_service.md.erb +57 -57
- data/docs/resources/upstart_service.md.erb +57 -57
- data/docs/resources/user.md.erb +140 -140
- data/docs/resources/users.md.erb +127 -127
- data/docs/resources/vbscript.md.erb +55 -55
- data/docs/resources/virtualization.md.erb +57 -57
- data/docs/resources/windows_feature.md.erb +47 -47
- data/docs/resources/windows_hotfix.md.erb +53 -53
- data/docs/resources/windows_task.md.erb +95 -95
- data/docs/resources/wmi.md.erb +81 -81
- data/docs/resources/x509_certificate.md.erb +151 -151
- data/docs/resources/xinetd_conf.md.erb +156 -156
- data/docs/resources/xml.md.erb +85 -85
- data/docs/resources/yaml.md.erb +69 -69
- data/docs/resources/yum.md.erb +98 -98
- data/docs/resources/zfs_dataset.md.erb +53 -53
- data/docs/resources/zfs_pool.md.erb +47 -47
- data/docs/ruby_usage.md +203 -203
- data/docs/shared/matcher_be.md.erb +1 -1
- data/docs/shared/matcher_cmp.md.erb +43 -43
- data/docs/shared/matcher_eq.md.erb +3 -3
- data/docs/shared/matcher_include.md.erb +1 -1
- data/docs/shared/matcher_match.md.erb +1 -1
- data/docs/shell.md +217 -217
- data/examples/README.md +8 -8
- data/examples/inheritance/README.md +65 -65
- data/examples/inheritance/controls/example.rb +14 -14
- data/examples/inheritance/inspec.yml +15 -15
- data/examples/kitchen-ansible/.kitchen.yml +25 -25
- data/examples/kitchen-ansible/Gemfile +19 -19
- data/examples/kitchen-ansible/README.md +53 -53
- data/examples/kitchen-ansible/files/nginx.repo +6 -6
- data/examples/kitchen-ansible/tasks/main.yml +16 -16
- data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-chef/.kitchen.yml +20 -20
- data/examples/kitchen-chef/Berksfile +3 -3
- data/examples/kitchen-chef/Gemfile +19 -19
- data/examples/kitchen-chef/README.md +27 -27
- data/examples/kitchen-chef/metadata.rb +7 -7
- data/examples/kitchen-chef/recipes/default.rb +6 -6
- data/examples/kitchen-chef/recipes/nginx.rb +30 -30
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-puppet/.kitchen.yml +22 -22
- data/examples/kitchen-puppet/Gemfile +20 -20
- data/examples/kitchen-puppet/Puppetfile +25 -25
- data/examples/kitchen-puppet/README.md +53 -53
- data/examples/kitchen-puppet/manifests/site.pp +33 -33
- data/examples/kitchen-puppet/metadata.json +11 -11
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
- data/examples/meta-profile/README.md +37 -37
- data/examples/meta-profile/controls/example.rb +13 -13
- data/examples/meta-profile/inspec.yml +13 -13
- data/examples/profile-attribute.yml +2 -2
- data/examples/profile-attribute/README.md +14 -14
- data/examples/profile-attribute/controls/example.rb +11 -11
- data/examples/profile-attribute/inspec.yml +8 -8
- data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
- data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
- data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
- data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
- data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
- data/examples/profile-aws/inspec.yml +11 -11
- data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
- data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
- data/examples/profile-azure/inspec.yml +11 -11
- data/examples/profile-sensitive/README.md +29 -29
- data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
- data/examples/profile-sensitive/controls/sensitive.rb +9 -9
- data/examples/profile-sensitive/inspec.yml +8 -8
- data/examples/profile/README.md +48 -48
- data/examples/profile/controls/example.rb +23 -23
- data/examples/profile/controls/gordon.rb +36 -36
- data/examples/profile/controls/meta.rb +34 -34
- data/examples/profile/inspec.yml +10 -10
- data/examples/profile/libraries/gordon_config.rb +59 -53
- data/inspec.gemspec +47 -47
- data/lib/bundles/README.md +3 -3
- data/lib/bundles/inspec-artifact.rb +7 -7
- data/lib/bundles/inspec-artifact/README.md +1 -1
- data/lib/bundles/inspec-artifact/cli.rb +277 -277
- data/lib/bundles/inspec-compliance.rb +16 -16
- data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
- data/lib/bundles/inspec-compliance/README.md +185 -185
- data/lib/bundles/inspec-compliance/api.rb +316 -316
- data/lib/bundles/inspec-compliance/api/login.rb +152 -152
- data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
- data/lib/bundles/inspec-compliance/cli.rb +254 -254
- data/lib/bundles/inspec-compliance/configuration.rb +103 -103
- data/lib/bundles/inspec-compliance/http.rb +86 -86
- data/lib/bundles/inspec-compliance/support.rb +36 -36
- data/lib/bundles/inspec-compliance/target.rb +98 -98
- data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
- data/lib/bundles/inspec-habitat.rb +12 -12
- data/lib/bundles/inspec-habitat/cli.rb +36 -36
- data/lib/bundles/inspec-habitat/log.rb +10 -10
- data/lib/bundles/inspec-habitat/profile.rb +391 -391
- data/lib/bundles/inspec-init.rb +8 -8
- data/lib/bundles/inspec-init/README.md +31 -31
- data/lib/bundles/inspec-init/cli.rb +97 -97
- data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
- data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
- data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
- data/lib/bundles/inspec-supermarket.rb +13 -13
- data/lib/bundles/inspec-supermarket/README.md +45 -45
- data/lib/bundles/inspec-supermarket/api.rb +84 -84
- data/lib/bundles/inspec-supermarket/cli.rb +73 -73
- data/lib/bundles/inspec-supermarket/target.rb +34 -34
- data/lib/fetchers/git.rb +163 -163
- data/lib/fetchers/local.rb +74 -74
- data/lib/fetchers/mock.rb +35 -35
- data/lib/fetchers/url.rb +204 -204
- data/lib/inspec.rb +24 -24
- data/lib/inspec/archive/tar.rb +29 -29
- data/lib/inspec/archive/zip.rb +19 -19
- data/lib/inspec/backend.rb +93 -93
- data/lib/inspec/base_cli.rb +363 -357
- data/lib/inspec/cached_fetcher.rb +66 -66
- data/lib/inspec/cli.rb +292 -292
- data/lib/inspec/completions/bash.sh.erb +45 -45
- data/lib/inspec/completions/fish.sh.erb +34 -34
- data/lib/inspec/completions/zsh.sh.erb +61 -61
- data/lib/inspec/control_eval_context.rb +179 -179
- data/lib/inspec/dependencies/cache.rb +72 -72
- data/lib/inspec/dependencies/dependency_set.rb +92 -92
- data/lib/inspec/dependencies/lockfile.rb +115 -115
- data/lib/inspec/dependencies/requirement.rb +123 -123
- data/lib/inspec/dependencies/resolver.rb +86 -86
- data/lib/inspec/describe.rb +27 -27
- data/lib/inspec/dsl.rb +66 -66
- data/lib/inspec/dsl_shared.rb +33 -33
- data/lib/inspec/env_printer.rb +157 -157
- data/lib/inspec/errors.rb +14 -13
- data/lib/inspec/exceptions.rb +12 -12
- data/lib/inspec/expect.rb +45 -45
- data/lib/inspec/fetcher.rb +45 -45
- data/lib/inspec/file_provider.rb +275 -275
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +259 -250
- data/lib/inspec/formatters/json_rspec.rb +20 -20
- data/lib/inspec/formatters/show_progress.rb +12 -12
- data/lib/inspec/library_eval_context.rb +58 -58
- data/lib/inspec/log.rb +11 -11
- data/lib/inspec/metadata.rb +247 -247
- data/lib/inspec/method_source.rb +24 -24
- data/lib/inspec/objects.rb +14 -14
- data/lib/inspec/objects/attribute.rb +65 -65
- data/lib/inspec/objects/control.rb +61 -61
- data/lib/inspec/objects/describe.rb +92 -92
- data/lib/inspec/objects/each_loop.rb +36 -36
- data/lib/inspec/objects/list.rb +15 -15
- data/lib/inspec/objects/or_test.rb +40 -40
- data/lib/inspec/objects/ruby_helper.rb +15 -15
- data/lib/inspec/objects/tag.rb +27 -27
- data/lib/inspec/objects/test.rb +87 -87
- data/lib/inspec/objects/value.rb +27 -27
- data/lib/inspec/plugins.rb +60 -60
- data/lib/inspec/plugins/cli.rb +24 -24
- data/lib/inspec/plugins/fetcher.rb +86 -86
- data/lib/inspec/plugins/resource.rb +135 -135
- data/lib/inspec/plugins/secret.rb +15 -15
- data/lib/inspec/plugins/source_reader.rb +40 -40
- data/lib/inspec/polyfill.rb +12 -12
- data/lib/inspec/profile.rb +513 -513
- data/lib/inspec/profile_context.rb +208 -208
- data/lib/inspec/profile_vendor.rb +66 -66
- data/lib/inspec/reporters.rb +60 -54
- data/lib/inspec/reporters/automate.rb +76 -0
- data/lib/inspec/reporters/base.rb +25 -24
- data/lib/inspec/reporters/cli.rb +356 -356
- data/lib/inspec/reporters/json.rb +116 -116
- data/lib/inspec/reporters/json_min.rb +48 -48
- data/lib/inspec/reporters/junit.rb +77 -77
- data/lib/inspec/require_loader.rb +33 -33
- data/lib/inspec/resource.rb +187 -186
- data/lib/inspec/rule.rb +266 -266
- data/lib/inspec/runner.rb +345 -345
- data/lib/inspec/runner_mock.rb +41 -41
- data/lib/inspec/runner_rspec.rb +175 -175
- data/lib/inspec/runtime_profile.rb +26 -26
- data/lib/inspec/schema.rb +213 -213
- data/lib/inspec/secrets.rb +19 -19
- data/lib/inspec/secrets/yaml.rb +30 -30
- data/lib/inspec/shell.rb +220 -220
- data/lib/inspec/shell_detector.rb +90 -90
- data/lib/inspec/source_reader.rb +29 -29
- data/lib/inspec/version.rb +8 -8
- data/lib/matchers/matchers.rb +339 -339
- data/lib/resource_support/aws.rb +49 -47
- data/lib/resource_support/aws/aws_backend_base.rb +12 -12
- data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
- data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
- data/lib/resources/aide_conf.rb +151 -151
- data/lib/resources/apache.rb +48 -48
- data/lib/resources/apache_conf.rb +149 -149
- data/lib/resources/apt.rb +149 -149
- data/lib/resources/audit_policy.rb +63 -63
- data/lib/resources/auditd.rb +231 -231
- data/lib/resources/auditd_conf.rb +46 -46
- data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -77
- data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
- data/lib/resources/aws/aws_config_delivery_channel.rb +76 -76
- data/lib/resources/aws/aws_config_recorder.rb +98 -98
- data/lib/resources/aws/aws_ec2_instance.rb +157 -157
- data/lib/resources/aws/aws_iam_access_key.rb +106 -106
- data/lib/resources/aws/aws_iam_access_keys.rb +149 -149
- data/lib/resources/aws/aws_iam_group.rb +56 -56
- data/lib/resources/aws/aws_iam_groups.rb +52 -52
- data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
- data/lib/resources/aws/aws_iam_policies.rb +53 -53
- data/lib/resources/aws/aws_iam_policy.rb +125 -125
- data/lib/resources/aws/aws_iam_role.rb +51 -51
- data/lib/resources/aws/aws_iam_root_user.rb +78 -60
- data/lib/resources/aws/aws_iam_user.rb +111 -111
- data/lib/resources/aws/aws_iam_users.rb +108 -108
- data/lib/resources/aws/aws_kms_key.rb +96 -96
- data/lib/resources/aws/aws_kms_keys.rb +53 -53
- data/lib/resources/aws/aws_rds_instance.rb +71 -71
- data/lib/resources/aws/aws_route_table.rb +63 -63
- data/lib/resources/aws/aws_route_tables.rb +60 -0
- data/lib/resources/aws/aws_s3_bucket.rb +115 -115
- data/lib/resources/aws/aws_s3_bucket_object.rb +82 -82
- data/lib/resources/aws/aws_s3_buckets.rb +51 -0
- data/lib/resources/aws/aws_security_group.rb +93 -93
- data/lib/resources/aws/aws_security_groups.rb +68 -68
- data/lib/resources/aws/aws_sns_subscription.rb +78 -78
- data/lib/resources/aws/aws_sns_topic.rb +53 -53
- data/lib/resources/aws/aws_sns_topics.rb +56 -56
- data/lib/resources/aws/aws_subnet.rb +88 -88
- data/lib/resources/aws/aws_subnets.rb +53 -53
- data/lib/resources/aws/aws_vpc.rb +69 -69
- data/lib/resources/aws/aws_vpcs.rb +45 -45
- data/lib/resources/azure/azure_backend.rb +377 -377
- data/lib/resources/azure/azure_generic_resource.rb +59 -59
- data/lib/resources/azure/azure_resource_group.rb +152 -152
- data/lib/resources/azure/azure_virtual_machine.rb +264 -264
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +134 -134
- data/lib/resources/bash.rb +35 -35
- data/lib/resources/bond.rb +69 -69
- data/lib/resources/bridge.rb +122 -122
- data/lib/resources/chocolatey_package.rb +78 -0
- data/lib/resources/command.rb +73 -73
- data/lib/resources/cpan.rb +58 -58
- data/lib/resources/cran.rb +64 -64
- data/lib/resources/crontab.rb +169 -169
- data/lib/resources/csv.rb +56 -56
- data/lib/resources/dh_params.rb +77 -77
- data/lib/resources/directory.rb +25 -25
- data/lib/resources/docker.rb +236 -236
- data/lib/resources/docker_container.rb +89 -89
- data/lib/resources/docker_image.rb +83 -83
- data/lib/resources/docker_object.rb +57 -57
- data/lib/resources/docker_service.rb +90 -90
- data/lib/resources/elasticsearch.rb +169 -169
- data/lib/resources/etc_fstab.rb +94 -94
- data/lib/resources/etc_group.rb +152 -152
- data/lib/resources/etc_hosts.rb +66 -66
- data/lib/resources/etc_hosts_allow_deny.rb +112 -112
- data/lib/resources/file.rb +298 -298
- data/lib/resources/filesystem.rb +31 -31
- data/lib/resources/firewalld.rb +143 -143
- data/lib/resources/gem.rb +70 -70
- data/lib/resources/groups.rb +215 -215
- data/lib/resources/grub_conf.rb +227 -227
- data/lib/resources/host.rb +306 -306
- data/lib/resources/http.rb +253 -253
- data/lib/resources/iis_app.rb +101 -101
- data/lib/resources/iis_site.rb +148 -148
- data/lib/resources/inetd_conf.rb +54 -54
- data/lib/resources/ini.rb +29 -29
- data/lib/resources/interface.rb +129 -129
- data/lib/resources/iptables.rb +80 -80
- data/lib/resources/json.rb +107 -107
- data/lib/resources/kernel_module.rb +107 -107
- data/lib/resources/kernel_parameter.rb +58 -58
- data/lib/resources/key_rsa.rb +61 -61
- data/lib/resources/limits_conf.rb +46 -46
- data/lib/resources/login_def.rb +57 -57
- data/lib/resources/mount.rb +88 -88
- data/lib/resources/mssql_session.rb +101 -101
- data/lib/resources/mysql.rb +82 -81
- data/lib/resources/mysql_conf.rb +127 -127
- data/lib/resources/mysql_session.rb +85 -85
- data/lib/resources/nginx.rb +96 -96
- data/lib/resources/nginx_conf.rb +226 -226
- data/lib/resources/npm.rb +48 -48
- data/lib/resources/ntp_conf.rb +51 -51
- data/lib/resources/oneget.rb +71 -71
- data/lib/resources/oracledb_session.rb +139 -139
- data/lib/resources/os.rb +36 -36
- data/lib/resources/os_env.rb +75 -75
- data/lib/resources/package.rb +370 -370
- data/lib/resources/packages.rb +111 -111
- data/lib/resources/parse_config.rb +112 -112
- data/lib/resources/passwd.rb +76 -76
- data/lib/resources/pip.rb +130 -130
- data/lib/resources/platform.rb +109 -109
- data/lib/resources/port.rb +771 -771
- data/lib/resources/postgres.rb +131 -130
- data/lib/resources/postgres_conf.rb +114 -114
- data/lib/resources/postgres_hba_conf.rb +90 -90
- data/lib/resources/postgres_ident_conf.rb +79 -79
- data/lib/resources/postgres_session.rb +71 -71
- data/lib/resources/powershell.rb +66 -66
- data/lib/resources/processes.rb +204 -204
- data/lib/resources/rabbitmq_conf.rb +51 -51
- data/lib/resources/registry_key.rb +297 -297
- data/lib/resources/security_policy.rb +180 -180
- data/lib/resources/service.rb +794 -790
- data/lib/resources/shadow.rb +149 -149
- data/lib/resources/ssh_conf.rb +97 -97
- data/lib/resources/ssl.rb +99 -99
- data/lib/resources/sys_info.rb +28 -28
- data/lib/resources/toml.rb +32 -32
- data/lib/resources/users.rb +654 -654
- data/lib/resources/vbscript.rb +68 -68
- data/lib/resources/virtualization.rb +247 -247
- data/lib/resources/windows_feature.rb +84 -84
- data/lib/resources/windows_hotfix.rb +35 -35
- data/lib/resources/windows_task.rb +102 -102
- data/lib/resources/wmi.rb +110 -110
- data/lib/resources/x509_certificate.rb +137 -137
- data/lib/resources/xinetd.rb +106 -106
- data/lib/resources/xml.rb +46 -46
- data/lib/resources/yaml.rb +43 -43
- data/lib/resources/yum.rb +180 -180
- data/lib/resources/zfs_dataset.rb +60 -60
- data/lib/resources/zfs_pool.rb +49 -49
- data/lib/source_readers/flat.rb +39 -39
- data/lib/source_readers/inspec.rb +75 -75
- data/lib/utils/command_wrapper.rb +27 -27
- data/lib/utils/convert.rb +12 -12
- data/lib/utils/database_helpers.rb +77 -77
- data/lib/utils/erlang_parser.rb +192 -192
- data/lib/utils/file_reader.rb +25 -25
- data/lib/utils/filter.rb +273 -273
- data/lib/utils/filter_array.rb +27 -27
- data/lib/utils/find_files.rb +44 -44
- data/lib/utils/hash.rb +41 -41
- data/lib/utils/json_log.rb +18 -18
- data/lib/utils/latest_version.rb +22 -22
- data/lib/utils/modulator.rb +12 -12
- data/lib/utils/nginx_parser.rb +85 -85
- data/lib/utils/object_traversal.rb +49 -49
- data/lib/utils/parser.rb +274 -274
- data/lib/utils/plugin_registry.rb +93 -93
- data/lib/utils/simpleconfig.rb +120 -120
- data/lib/utils/spdx.rb +13 -13
- data/lib/utils/spdx.txt +343 -343
- metadata +9 -2
|
@@ -1,46 +1,46 @@
|
|
|
1
|
-
---
|
|
2
|
-
title: About the aws_iam_group Resource
|
|
3
|
-
platform: aws
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
# aws\_iam\_group
|
|
7
|
-
|
|
8
|
-
Use the `aws_iam_group` InSpec audit resource to test properties of a single IAM group.
|
|
9
|
-
|
|
10
|
-
To test properties of multiple or all groups, use the `aws_iam_groups` resource.
|
|
11
|
-
|
|
12
|
-
<br>
|
|
13
|
-
|
|
14
|
-
## Syntax
|
|
15
|
-
|
|
16
|
-
An `aws_iam_group` resource block identifies a group by group name.
|
|
17
|
-
|
|
18
|
-
# Find a group by group name
|
|
19
|
-
describe aws_iam_group('mygroup') do
|
|
20
|
-
it { should exist }
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
# Hash syntax for group name
|
|
24
|
-
describe aws_iam_group(group_name: 'mygroup') do
|
|
25
|
-
it { should exist }
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
<br>
|
|
29
|
-
|
|
30
|
-
## Examples
|
|
31
|
-
|
|
32
|
-
The following examples show how to use this InSpec audit resource.
|
|
33
|
-
|
|
34
|
-
As this is the initial release of `aws_iam_group`, its limited functionality precludes examples.
|
|
35
|
-
|
|
36
|
-
<br>
|
|
37
|
-
|
|
38
|
-
## Matchers
|
|
39
|
-
|
|
40
|
-
### exists
|
|
41
|
-
|
|
42
|
-
The control will pass if a group with the given group name exists.
|
|
43
|
-
|
|
44
|
-
describe aws_iam_group('mygroup')
|
|
45
|
-
it { should exist }
|
|
46
|
-
end
|
|
1
|
+
---
|
|
2
|
+
title: About the aws_iam_group Resource
|
|
3
|
+
platform: aws
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# aws\_iam\_group
|
|
7
|
+
|
|
8
|
+
Use the `aws_iam_group` InSpec audit resource to test properties of a single IAM group.
|
|
9
|
+
|
|
10
|
+
To test properties of multiple or all groups, use the `aws_iam_groups` resource.
|
|
11
|
+
|
|
12
|
+
<br>
|
|
13
|
+
|
|
14
|
+
## Syntax
|
|
15
|
+
|
|
16
|
+
An `aws_iam_group` resource block identifies a group by group name.
|
|
17
|
+
|
|
18
|
+
# Find a group by group name
|
|
19
|
+
describe aws_iam_group('mygroup') do
|
|
20
|
+
it { should exist }
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
# Hash syntax for group name
|
|
24
|
+
describe aws_iam_group(group_name: 'mygroup') do
|
|
25
|
+
it { should exist }
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
<br>
|
|
29
|
+
|
|
30
|
+
## Examples
|
|
31
|
+
|
|
32
|
+
The following examples show how to use this InSpec audit resource.
|
|
33
|
+
|
|
34
|
+
As this is the initial release of `aws_iam_group`, its limited functionality precludes examples.
|
|
35
|
+
|
|
36
|
+
<br>
|
|
37
|
+
|
|
38
|
+
## Matchers
|
|
39
|
+
|
|
40
|
+
### exists
|
|
41
|
+
|
|
42
|
+
The control will pass if a group with the given group name exists.
|
|
43
|
+
|
|
44
|
+
describe aws_iam_group('mygroup')
|
|
45
|
+
it { should exist }
|
|
46
|
+
end
|
|
@@ -1,43 +1,43 @@
|
|
|
1
|
-
---
|
|
2
|
-
title: About the aws_iam_groups Resource
|
|
3
|
-
platform: aws
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
# aws\_iam\_groups
|
|
7
|
-
|
|
8
|
-
Use the `aws_iam_groups` InSpec audit resource to test properties of all or multiple groups.
|
|
9
|
-
|
|
10
|
-
To test properties of a single group, use the `aws_iam_group` resource.
|
|
11
|
-
|
|
12
|
-
<br>
|
|
13
|
-
|
|
14
|
-
## Syntax
|
|
15
|
-
|
|
16
|
-
An `aws_iam_groups` resource block uses an optional filter to select a collection of IAM groups and then tests that collection.
|
|
17
|
-
|
|
18
|
-
# The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
|
|
19
|
-
describe aws_iam_groups do
|
|
20
|
-
it { should exist }
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
<br>
|
|
24
|
-
|
|
25
|
-
## Examples
|
|
26
|
-
|
|
27
|
-
The following examples show how to use this InSpec audit resource.
|
|
28
|
-
|
|
29
|
-
As this is the initial release of `aws_iam_groups`, its limited functionality precludes examples.
|
|
30
|
-
|
|
31
|
-
<br>
|
|
32
|
-
|
|
33
|
-
## Matchers
|
|
34
|
-
|
|
35
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
36
|
-
|
|
37
|
-
### exists
|
|
38
|
-
|
|
39
|
-
The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
|
|
40
|
-
|
|
41
|
-
describe aws_iam_groups
|
|
42
|
-
it { should exist }
|
|
43
|
-
end
|
|
1
|
+
---
|
|
2
|
+
title: About the aws_iam_groups Resource
|
|
3
|
+
platform: aws
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# aws\_iam\_groups
|
|
7
|
+
|
|
8
|
+
Use the `aws_iam_groups` InSpec audit resource to test properties of all or multiple groups.
|
|
9
|
+
|
|
10
|
+
To test properties of a single group, use the `aws_iam_group` resource.
|
|
11
|
+
|
|
12
|
+
<br>
|
|
13
|
+
|
|
14
|
+
## Syntax
|
|
15
|
+
|
|
16
|
+
An `aws_iam_groups` resource block uses an optional filter to select a collection of IAM groups and then tests that collection.
|
|
17
|
+
|
|
18
|
+
# The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
|
|
19
|
+
describe aws_iam_groups do
|
|
20
|
+
it { should exist }
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
<br>
|
|
24
|
+
|
|
25
|
+
## Examples
|
|
26
|
+
|
|
27
|
+
The following examples show how to use this InSpec audit resource.
|
|
28
|
+
|
|
29
|
+
As this is the initial release of `aws_iam_groups`, its limited functionality precludes examples.
|
|
30
|
+
|
|
31
|
+
<br>
|
|
32
|
+
|
|
33
|
+
## Matchers
|
|
34
|
+
|
|
35
|
+
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
36
|
+
|
|
37
|
+
### exists
|
|
38
|
+
|
|
39
|
+
The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
|
|
40
|
+
|
|
41
|
+
describe aws_iam_groups
|
|
42
|
+
it { should exist }
|
|
43
|
+
end
|
|
@@ -1,76 +1,76 @@
|
|
|
1
|
-
---
|
|
2
|
-
title: About the aws_iam_password_policy Resource
|
|
3
|
-
platform: aws
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
# aws\_iam\_password\_policy
|
|
7
|
-
|
|
8
|
-
Use the `aws_iam_password_policy` InSpec audit resource to test properties of the AWS IAM Password Policy.
|
|
9
|
-
|
|
10
|
-
<br>
|
|
11
|
-
|
|
12
|
-
## Syntax
|
|
13
|
-
|
|
14
|
-
An `aws_iam_password_policy` resource block takes no parameters. Several properties and matchers are available.
|
|
15
|
-
|
|
16
|
-
describe aws_iam_password_policy do
|
|
17
|
-
it { should require_lowercase_characters }
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
<br>
|
|
21
|
-
|
|
22
|
-
## Properties
|
|
23
|
-
|
|
24
|
-
* `max_password_age_in_days`, `minimum_password_length`, `number_of_passwords_to_remember`
|
|
25
|
-
|
|
26
|
-
## Examples
|
|
27
|
-
|
|
28
|
-
The following examples show how to use this InSpec audit resource.
|
|
29
|
-
|
|
30
|
-
### Test that the IAM Password Policy requires lowercase characters, uppercase characters, numbers, symbols, and a minimum length greater than eight
|
|
31
|
-
|
|
32
|
-
describe aws_iam_password_policy do
|
|
33
|
-
it { should require_lowercase_characters }
|
|
34
|
-
it { should require_uppercase_characters }
|
|
35
|
-
it { should require_symbols }
|
|
36
|
-
it { should require_numbers }
|
|
37
|
-
its('minimum_password_length') { should be > 8 }
|
|
38
|
-
end
|
|
39
|
-
|
|
40
|
-
### Test that the IAM Password Policy allows users to change their password
|
|
41
|
-
|
|
42
|
-
describe aws_iam_password_policy do
|
|
43
|
-
it { should allow_users_to_change_passwords }
|
|
44
|
-
end
|
|
45
|
-
|
|
46
|
-
### Test that the IAM Password Policy expires passwords
|
|
47
|
-
|
|
48
|
-
describe aws_iam_password_policy do
|
|
49
|
-
it { should expire_passwords }
|
|
50
|
-
end
|
|
51
|
-
|
|
52
|
-
### Test that the IAM Password Policy has a max password age
|
|
53
|
-
|
|
54
|
-
describe aws_iam_password_policy do
|
|
55
|
-
its('max_password_age_in_days') { should be 90 }
|
|
56
|
-
end
|
|
57
|
-
|
|
58
|
-
### Test that the IAM Password Policy prevents password reuse
|
|
59
|
-
|
|
60
|
-
describe aws_iam_password_policy do
|
|
61
|
-
it { should prevent_password_reuse }
|
|
62
|
-
end
|
|
63
|
-
|
|
64
|
-
### Test that the IAM Password Policy requires users to remember 3 previous passwords
|
|
65
|
-
|
|
66
|
-
describe aws_iam_password_policy do
|
|
67
|
-
its('number_of_passwords_to_remember') { should eq 3 }
|
|
68
|
-
end
|
|
69
|
-
|
|
70
|
-
<br>
|
|
71
|
-
|
|
72
|
-
## Matchers
|
|
73
|
-
|
|
74
|
-
This resource uses the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
75
|
-
|
|
76
|
-
* `allows_users_to_change_passwords`, `expire_passwords`, `prevent_password_reuse`, `require_lowercase_characters` , `require_uppercase_characters`, `require_numbers`, `require_symbols`
|
|
1
|
+
---
|
|
2
|
+
title: About the aws_iam_password_policy Resource
|
|
3
|
+
platform: aws
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# aws\_iam\_password\_policy
|
|
7
|
+
|
|
8
|
+
Use the `aws_iam_password_policy` InSpec audit resource to test properties of the AWS IAM Password Policy.
|
|
9
|
+
|
|
10
|
+
<br>
|
|
11
|
+
|
|
12
|
+
## Syntax
|
|
13
|
+
|
|
14
|
+
An `aws_iam_password_policy` resource block takes no parameters. Several properties and matchers are available.
|
|
15
|
+
|
|
16
|
+
describe aws_iam_password_policy do
|
|
17
|
+
it { should require_lowercase_characters }
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
<br>
|
|
21
|
+
|
|
22
|
+
## Properties
|
|
23
|
+
|
|
24
|
+
* `max_password_age_in_days`, `minimum_password_length`, `number_of_passwords_to_remember`
|
|
25
|
+
|
|
26
|
+
## Examples
|
|
27
|
+
|
|
28
|
+
The following examples show how to use this InSpec audit resource.
|
|
29
|
+
|
|
30
|
+
### Test that the IAM Password Policy requires lowercase characters, uppercase characters, numbers, symbols, and a minimum length greater than eight
|
|
31
|
+
|
|
32
|
+
describe aws_iam_password_policy do
|
|
33
|
+
it { should require_lowercase_characters }
|
|
34
|
+
it { should require_uppercase_characters }
|
|
35
|
+
it { should require_symbols }
|
|
36
|
+
it { should require_numbers }
|
|
37
|
+
its('minimum_password_length') { should be > 8 }
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
### Test that the IAM Password Policy allows users to change their password
|
|
41
|
+
|
|
42
|
+
describe aws_iam_password_policy do
|
|
43
|
+
it { should allow_users_to_change_passwords }
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
### Test that the IAM Password Policy expires passwords
|
|
47
|
+
|
|
48
|
+
describe aws_iam_password_policy do
|
|
49
|
+
it { should expire_passwords }
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
### Test that the IAM Password Policy has a max password age
|
|
53
|
+
|
|
54
|
+
describe aws_iam_password_policy do
|
|
55
|
+
its('max_password_age_in_days') { should be 90 }
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
### Test that the IAM Password Policy prevents password reuse
|
|
59
|
+
|
|
60
|
+
describe aws_iam_password_policy do
|
|
61
|
+
it { should prevent_password_reuse }
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
### Test that the IAM Password Policy requires users to remember 3 previous passwords
|
|
65
|
+
|
|
66
|
+
describe aws_iam_password_policy do
|
|
67
|
+
its('number_of_passwords_to_remember') { should eq 3 }
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
<br>
|
|
71
|
+
|
|
72
|
+
## Matchers
|
|
73
|
+
|
|
74
|
+
This resource uses the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
75
|
+
|
|
76
|
+
* `allows_users_to_change_passwords`, `expire_passwords`, `prevent_password_reuse`, `require_lowercase_characters` , `require_uppercase_characters`, `require_numbers`, `require_symbols`
|
|
@@ -1,82 +1,82 @@
|
|
|
1
|
-
---
|
|
2
|
-
title: About the aws_iam_policies Resource
|
|
3
|
-
platform: aws
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
# aws\_iam\_policies
|
|
7
|
-
|
|
8
|
-
Use the `aws_iam_policies` InSpec audit resource to test properties of some or all AWS IAM Policies.
|
|
9
|
-
|
|
10
|
-
A policy is an entity in AWS that, when attached to an identity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine if the request is allowed or denied.
|
|
11
|
-
|
|
12
|
-
Each IAM Policy is uniquely identified by either its `policy_name` or `arn`.
|
|
13
|
-
|
|
14
|
-
<br>
|
|
15
|
-
|
|
16
|
-
## Syntax
|
|
17
|
-
|
|
18
|
-
An `aws_iam_policies` resource block collects a group of IAM Policies and then tests that group.
|
|
19
|
-
|
|
20
|
-
# Verify the policy specified by the policy name is included in IAM Policies in the AWS account.
|
|
21
|
-
describe aws_iam_policies do
|
|
22
|
-
its('policy_names') { should include('test-policy-1') }
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
<br>
|
|
26
|
-
|
|
27
|
-
## Examples
|
|
28
|
-
|
|
29
|
-
The following examples show how to use this InSpec audit resource.
|
|
30
|
-
|
|
31
|
-
As this is the initial release of `aws_iam_policies`, its limited functionality precludes examples.
|
|
32
|
-
|
|
33
|
-
<br>
|
|
34
|
-
|
|
35
|
-
## Properties
|
|
36
|
-
|
|
37
|
-
* `arns`, `entries`, `policy_names`
|
|
38
|
-
|
|
39
|
-
<br>
|
|
40
|
-
|
|
41
|
-
## Property Examples
|
|
42
|
-
|
|
43
|
-
### policy\_names
|
|
44
|
-
|
|
45
|
-
Provides a list of policy names for all IAM Policies in the AWS account.
|
|
46
|
-
|
|
47
|
-
describe aws_iam_policies do
|
|
48
|
-
its('policy_names') { should include('test-policy-1') }
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
### arns
|
|
52
|
-
|
|
53
|
-
Provides a list of policy arns for all IAM Policies in the AWS account.
|
|
54
|
-
|
|
55
|
-
describe aws_iam_policies do
|
|
56
|
-
its('arns') { should include('arn:aws:iam::aws:policy/test-policy-1') }
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
### entries
|
|
60
|
-
|
|
61
|
-
Provides access to the raw results of the query. This can be useful for checking counts and other advanced operations.
|
|
62
|
-
|
|
63
|
-
# Allow at most 100 IAM Policies on the account
|
|
64
|
-
describe aws_iam_policies do
|
|
65
|
-
its('entries.count') { should be <= 100}
|
|
66
|
-
end
|
|
67
|
-
|
|
68
|
-
<br>
|
|
69
|
-
|
|
70
|
-
## Matchers
|
|
71
|
-
|
|
72
|
-
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
73
|
-
|
|
74
|
-
### exists
|
|
75
|
-
|
|
76
|
-
The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
|
|
77
|
-
|
|
78
|
-
# Verify that at least one IAM Policies exists.
|
|
79
|
-
describe aws_iam_policies
|
|
80
|
-
it { should exist }
|
|
81
|
-
end
|
|
82
|
-
|
|
1
|
+
---
|
|
2
|
+
title: About the aws_iam_policies Resource
|
|
3
|
+
platform: aws
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# aws\_iam\_policies
|
|
7
|
+
|
|
8
|
+
Use the `aws_iam_policies` InSpec audit resource to test properties of some or all AWS IAM Policies.
|
|
9
|
+
|
|
10
|
+
A policy is an entity in AWS that, when attached to an identity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine if the request is allowed or denied.
|
|
11
|
+
|
|
12
|
+
Each IAM Policy is uniquely identified by either its `policy_name` or `arn`.
|
|
13
|
+
|
|
14
|
+
<br>
|
|
15
|
+
|
|
16
|
+
## Syntax
|
|
17
|
+
|
|
18
|
+
An `aws_iam_policies` resource block collects a group of IAM Policies and then tests that group.
|
|
19
|
+
|
|
20
|
+
# Verify the policy specified by the policy name is included in IAM Policies in the AWS account.
|
|
21
|
+
describe aws_iam_policies do
|
|
22
|
+
its('policy_names') { should include('test-policy-1') }
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
<br>
|
|
26
|
+
|
|
27
|
+
## Examples
|
|
28
|
+
|
|
29
|
+
The following examples show how to use this InSpec audit resource.
|
|
30
|
+
|
|
31
|
+
As this is the initial release of `aws_iam_policies`, its limited functionality precludes examples.
|
|
32
|
+
|
|
33
|
+
<br>
|
|
34
|
+
|
|
35
|
+
## Properties
|
|
36
|
+
|
|
37
|
+
* `arns`, `entries`, `policy_names`
|
|
38
|
+
|
|
39
|
+
<br>
|
|
40
|
+
|
|
41
|
+
## Property Examples
|
|
42
|
+
|
|
43
|
+
### policy\_names
|
|
44
|
+
|
|
45
|
+
Provides a list of policy names for all IAM Policies in the AWS account.
|
|
46
|
+
|
|
47
|
+
describe aws_iam_policies do
|
|
48
|
+
its('policy_names') { should include('test-policy-1') }
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
### arns
|
|
52
|
+
|
|
53
|
+
Provides a list of policy arns for all IAM Policies in the AWS account.
|
|
54
|
+
|
|
55
|
+
describe aws_iam_policies do
|
|
56
|
+
its('arns') { should include('arn:aws:iam::aws:policy/test-policy-1') }
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
### entries
|
|
60
|
+
|
|
61
|
+
Provides access to the raw results of the query. This can be useful for checking counts and other advanced operations.
|
|
62
|
+
|
|
63
|
+
# Allow at most 100 IAM Policies on the account
|
|
64
|
+
describe aws_iam_policies do
|
|
65
|
+
its('entries.count') { should be <= 100}
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
<br>
|
|
69
|
+
|
|
70
|
+
## Matchers
|
|
71
|
+
|
|
72
|
+
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
73
|
+
|
|
74
|
+
### exists
|
|
75
|
+
|
|
76
|
+
The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
|
|
77
|
+
|
|
78
|
+
# Verify that at least one IAM Policies exists.
|
|
79
|
+
describe aws_iam_policies
|
|
80
|
+
it { should exist }
|
|
81
|
+
end
|
|
82
|
+
|